Qualys researchers disclosed multiple vulnerabilities in the Linux kernel's AppArmor security module, dubbed 'CrackArmor'. The flaws range from denial of service and kernel memory information leaks to local privilege escalation when combined with a sudo vulnerability. Affected Ubuntu releases (back to 22.04 LTS for sudo, 20.04 LTS for su hardening) are receiving patches. Fixes cover issues including DFA bounds validation, memory leaks, double frees, race conditions, and unprivileged policy management. The su utility in util-linux is also being hardened to prevent exploitation in host deployments.

From phoronix.com